Welcome to Day 56 of the #100DaysOfDevOps Challenge! Today we will take a deep dive into the AWS Internet Gateway and NAT Gateway.
A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. It supports IPv4 and IPv6 traffic. It does not cause availability risks or bandwidth constraints on your network traffic.
Internet Gateway
Internet Gateway (IGW) is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.
Internet Gateway enables resources (like EC2 instances) in public subnets to connect to the internet. Similarly, resources on the internet can initiate a connection to resources in your subnet using the public IP address.
If a VPC does not have an Internet Gateway, then the resources in the VPC cannot be accessed from the internet (unless the traffic flows via a corporate network over VPN/Direct Connect).
Internet Gateway supports IPv4 and IPv6 traffic.
Internet Gateway does not cause availability risks or bandwidth constraints on your network traffic.
To make the subnet public, add a route to your subnet’s route table that directs internet-bound traffic to the internet gateway.
You can associate exactly one Internet Gateway with a VPC.
Internet Gateway is not Availability Zone specific.
There’s no additional charge for having an internet gateway in your account.
NAT Gateway
NAT Gateway (NGW) is a managed Network Address Translation (NAT) service.
NAT Gateway does something similar to Internet Gateway (IGW), but it only works one way: instances in a private subnet can connect to services outside your VPC, but external services cannot initiate a connection with those instances.
NAT gateways are supported for IPv4 or IPv6 traffic.
NAT gateway supports the following protocols: TCP, UDP, and ICMP.
Each NAT gateway is created in a specific Availability Zone and implemented with redundancy in that zone.
If you have resources in multiple Availability Zones and they share one NAT gateway, and if the NAT gateway’s Availability Zone is down, resources in the other Availability Zones lose internet access.
To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone.
You can associate exactly one Elastic IP address with a public NAT gateway.
You are charged for each hour that your NAT gateway is available and for each gigabyte of data that it processes.
NAT gateway replaces the source IP address of the instances with the IP address of the NAT gateway.
The key differences between an Internet Gateway and a NAT Gateway are:
Internet GW allows both inbound and outbound access to the internet whereas the NAT Gateway only allows outbound access. Thus, IGW allows instances with public IPs to access the internet whereas NAT Gateway allows instances with private IPs to access the internet.
You only need one Internet Gateway per VPC, whereas you need one NAT Gateway per Availability Zone (AZ).
There is no additional cost to use an Internet Gateway, whereas a NAT Gateway incurs hourly and per-gigabyte charges.
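As an added example (not part of the original post), the following Terraform wires up the two gateways exactly as described above: one internet gateway per VPC with a 0.0.0.0/0 route for the public subnets, and one NAT gateway per Availability Zone so each private subnet routes through the gateway in its own AZ. The VPC ID and the per-AZ subnet IDs are assumed inputs; the AZ names in the comment are placeholders.

```hcl
# Assumed inputs: an existing VPC and, per AZ, one public and one private subnet.
variable "vpc_id" { type = string }
variable "subnets" {
  # e.g. { "us-east-1a" = { public = "subnet-aaa", private = "subnet-bbb" }, ... }
  type = map(object({ public = string, private = string }))
}
# Exactly one internet gateway per VPC; it is not tied to an AZ.
resource "aws_internet_gateway" "igw" {
  vpc_id = var.vpc_id
}
# The 0.0.0.0/0 -> IGW route is what makes a subnet public.
resource "aws_route_table" "public" {
  vpc_id = var.vpc_id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public" {
  for_each       = var.subnets
  subnet_id      = each.value.public
  route_table_id = aws_route_table.public.id
}
# One Elastic IP and one NAT gateway per AZ, placed in that AZ's public subnet.
resource "aws_eip" "nat" {
  for_each = var.subnets
  domain   = "vpc"
}
resource "aws_nat_gateway" "ngw" {
  for_each      = var.subnets
  allocation_id = aws_eip.nat[each.key].id
  subnet_id     = each.value.public
  depends_on    = [aws_internet_gateway.igw]
}
# Each private subnet default-routes only to its own AZ's NAT gateway, so an
# outage of one AZ does not strand private instances in the other AZs.
resource "aws_route_table" "private" {
  for_each = var.subnets
  vpc_id   = var.vpc_id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.ngw[each.key].id
  }
}
resource "aws_route_table_association" "private" {
  for_each       = var.subnets
  subnet_id      = each.value.private
  route_table_id = aws_route_table.private[each.key].id
}
```

Sharing a single NAT gateway across AZs, by contrast, would be a single private route table pointing every private subnet at one `aws_nat_gateway`, which is the cross-AZ dependency the post warns about.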
You can add a network address translation (NAT) gateway to your AWS Network Firewall architecture for the areas of your VPC where you need NAT capabilities. AWS provides NAT gateways decoupled from your other cloud services, so you can use them in your architecture only where you need them.
This can help you reduce load and the associated costs. For information about NAT gateways, see NAT gateways in the Amazon Virtual Private Cloud User Guide.
The following figure depicts a VPC configuration for a Network Firewall with an internet gateway and a NAT gateway.
